HackDig : Dig high-quality web security articles

Unfixed vulnerability in popular library puts IoT products at risk

Researchers have found a vulnerability in a popular C standard library in IoT products that could allow attackers to perform DNS poisoning attacks against a target device. The library is known to be used by major vendors such as Linksys, Netgear, and Axis, but also by Linux distributions such as Embedded Gentoo. Because the library maintainer was unable t
Publish At:2022-05-04 12:48 | Read:877 | Comments:0 | Tags:Exploits and vulnerabilities dns poisoning IoT library mitm

The npm netmask vulnerability explained so you can actually understand it

The popular npm netmask library recently encountered a serious problem, explained as follows: The npm netmask package incorrectly evaluates individual ipv4 octets that contain octal strings as left-stripped integers, leading to an inordinate attack surface on hundreds of thousands of projects that rely on netmask to filter or evaluate ipv4 block ranges, b
Publish At:2021-03-31 12:16 | Read:1749 | Comments:0 | Tags:Exploits and vulnerabilities cidr CVE-2021-28918 decimal dns

Android Native API Hooking with Library Injection and ELF Introspection.

This post can be considered both the part 2 of the previous "Dynamically inject a shared library into a running process on Android/ARM" and a proof of concept of the same, namely what can be done with library injection on Android. TL;DR I've updated the source code of the arminject project on github adding a library that once injected into a process will
Publish At:2015-05-04 23:30 | Read:9143 | Comments:0 | Tags:hooking api hooking library android injection elf relocation

Dynamically inject a shared library into a running process on Android/ARM

If you're familiar with Windows runtime code injection you probably know the great API CreateRemoteThread which lets us force an arbitrary running process to call LoadLibrary and load a DLL into its address space, this technique called DLL Injection is often used to perform user space API hooking, you can find a good post about it on Gianluca Braga's blog.
Publish At:2015-05-02 05:45 | Read:7272 | Comments:0 | Tags:hooking api hooking library android injection ptrace remote

RuberTooth - A complete Ruby porting of the ubertooth libraries and utilities.

Today, finally my ubertooth arrived and I immediately started hacking with it. I installed its libraries and tools both on OS X and on my Linux virtual machine, and after a while I noticed a few things: The compilation process is not well documented for newer versions of OS X, thus manual code patching here and there is required. Some of the tools are o
Publish At:2015-02-13 02:10 | Read:4985 | Comments:0 | Tags:hack library BLE bluetooth low energy bluetooth ubertooth ru

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3